在PHP中尝试3次后阻止了用户? [英] Blocked the user after 3 attempts in PHP?

问题描述

在尝试3次登录后如何阻止用户并将其存储到数据库?我已经在用户表中添加了两列，一列用于尝试登录的次数，第二列用于上次登录的日期时间.请帮助我，如何做到这一点.我不太擅长PHP.

How to block the user after 3 login attempts and store it to database? I already add two columns in user table, one for number of login attempts and second, for datetime of last login. Please help me, how to do this. I'm not good in PHP.

谢谢

这是我的login.php

Here's my login.php

session_start();
$ipaddress = '';
if (getenv('HTTP_CLIENT_IP'))
    $ipaddress = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR'))
    $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED'))
    $ipaddress = getenv('HTTP_X_FORWARDED');
else if(getenv('HTTP_FORWARDED_FOR'))
    $ipaddress = getenv('HTTP_FORWARDED_FOR');
else if(getenv('HTTP_FORWARDED'))
    $ipaddress = getenv('HTTP_FORWARDED');
else if(getenv('REMOTE_ADDR'))
    $ipaddress = getenv('REMOTE_ADDR');
else
    $ipaddress = 'UNKNOWN';

$loginDate = date("Y-m-d H:i:s");
$Error ="";
$successMessage ="";
if (isset($_POST['submit'])){
if ( !( $_POST['cnumber'] == "" && $_POST['password'] == "")){
    $cnumber=$_POST['cnumber'];
    $password= sha1($_POST['password']);
    $cnumber = filter_var($cnumber, FILTER_SANITIZE_NUMBER_INT);

if (filter_var($cnumber, FILTER_VALIDATE_INT)){
$con=mysqli_connect("localhost","root","","users");

$result = mysqli_query($con, "SELECT * FROM users WHERE contractNumber='$cnumber' AND password='$password'");
$data = mysqli_num_rows($result);

if($data==1){
    $_SESSION['login_user']=$cnumber;
    mysqli_query($con, "INSERT INTO `users`.`logs`(`contractNumber`, `lastLogin`, `ipAddress`) VALUES ('$cnumber', '$loginDate', '$ipaddress')");
    header('Location: profile.php');
} else {
    $Error ="Invalid Contract Number or Password.";
    mysqli_query($con, "UPDATE users SET loginAttempt = loginAttempt + 1 WHERE contractNumber = '$cnumber' ");
    print_r(mysqli_affected_rows($con));
} 
    mysqli_close($con);
} else {
    $Error ="Invalid Contract Number.";
 }
} else {
    $Error ="Contract Number or Password is Empty.";
}
}

推荐答案

不要使用cookie，因为黑客仍然可以禁用cookie并继续进行蛮力攻击.请改用您的数据库.对于每次失败的尝试，将其与时间戳一起记录到表中.然后针对每个请求，使用用户ID和时间戳进行查询，然后获取计数.那应该给你尝试的次数.

Don't use cookies as the hacker can still disable cookies and continue brute force attacks. Use your database instead. For every failed attempt, log it into the table, together with a time stamp. Then on each request, do a query with the user ID and time stamp, then get the count. That should give you the number of times tried.

这篇关于在PHP中尝试3次后阻止了用户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！